List of supervisors and schedule
List of projects
Supervised by Karim Baghery
- A subversion-resistant SNARK
Non-Interactive Zero-Knowledge proofs (NIZKs) are a popular and powerful building block in designing various cryptographic protocols including veri able computation systems, anonymous credentials, signature of knowledges, privacy-preserving cryptocurrencies (such as Zerocoin, Zcash) and multi-party computation. Due to efficiency reasons, recently Zero Knowledge Succinct Non-Interactive ARguments of Knowledge (zk-SNARKs) have greatly accelerated to deploy in real practical systems.
A negative point regarding zk-SNARKs is that they need a one-time setup phase which needs to be done by a trusted third party, which is not desirable in some cases. Recently there was a question of what happens when the CRS (Common Reference String) has been subverted? More precisely, can we still guarantee soundness and zero-knowledge if CRS elements are subverted?
In ASIACRYPT 2016, Bellare, Fuchsbauer and Scafuro showed the fi rst negative and positive results in this direction, proving that it is impossible to achieve subversion soundness and subversion zero knowledge at the same time. In ASIACRYPT 2017, Abdolmaleki et al. showed how to make Groths zk-SNARK (the state-of-the-art one) for Circuit-SAT from EUROCRYPT 2016 computationally knowledge-sound and perfectly composable subversion ZK with minimal changes.
Task: The task is to read, understand and present the article "A subversion-resistant SNARK" from ASIACRYPT 2017.
https://eprint.iacr.org/2017/599.pdf
MSc or PhD level
Assigned to Hiie Vill
- An Empirical Analysis of Anonymity in Zcash
As discussed in second topic, Zcash is a cryptocurrency designed to provide anonymous transactions by hiding payment's origin, destination and the amount of transaction. In a recent empirical research, Kappos et al. [USENIXSECURITY18] tested the anonymity of deployed version of Zcash. They evaluate anonymity of Zcashs transactions from different point of views including its transparent transactions to the interactions with and within its main privacy feature, a shielded pool that acts as the anonymity set for users wishing to spend coins privately. Based on their result, it can be concluded that in some cases it is possible to shrink Zcash's anonymity set considerably by developing some heuristics based on identi able patterns of usage.
Task: The task is to read, and give an overview form their analysis given in the article "An Empirical Analysis of Anonymity in Zcash" from proceedings of the 27th USENIX Security Symposium, [KYMM18].
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-kappos.pdf
BSc, MSc or PhD level
Assigned to Andrei Perapiolkin
Supervised by Dan Bogdanov (Cybernetica)
- A survey of side channel attacks against Intel’s Software Guard eXtensions (SGX) enclaves
Trusted Execution Environments are features of modern processors that allow the processing of confidential information with hardware-level protection. Think of it like a box with somebody working inside. You can give the materials to work on through a hole and you will receive results through another hole. But you will not see what’s going on inside the box. Side-channel attacks are like listening next to the box with very good microphones and sensors, trying to understand what’s going on inside. You can also give work to the box in clever ways to see how long it takes to do it and use that to guess what is actually going on in the box.
SGX (https://software.intel.com/en-us/sgx) is an instruction set in Intel processors for creating Trusted Execution Environments. It has had its share of attacks in the last year, e.g., Foreshadow (https://foreshadowattack.eu). Your job as a student will be to 1) understand what SGX does, how it works. You’ll read the attack papers (some will be provided, you can find more) and write a survey describing the severity of the attack, complexity of launching it and mitigations. You will be supported by Cybernetica’s R&D personnel and we expect you to write a document that can be shared publicly. Thus, writing great English is a key skill. Understanding the principles of public key encryption is important as well. The rest can be learned quickly.
BSc or MSc level, MSc preferred
Supervised by Benson Muite
- Comparing Hashcat and John the Ripper
Hashcat and John the Ripper are two open source password cracking platforms. The aim is to compare their OpenCL implementations which can run on GPUs. Apart from examining speed on different devices, it would also be good to describe the implementation details used to get good performance. Porting an algorithm to use OpenCL and contributing it to one of these pieces of software is also a possibility. Examination of yescrypt, argon2 or other hashing schemes is also of interest.
References:
- John the Ripper, https://github.com/magnumripper/JohnTheRipper
- Hashcat, https://github.com/hashcat/hashcat
- Password hashing competition, https://password-hashing.net/
- P. Nguyen Setting up John the Ripper on Rocket, https://github.com/bichphuong1204/JohntheRipper
BSc or MSc level
- Computing and compression
Modern computing architectures typically have high compute capability, low bandwidth and small fast memory. Storing the data to be computed upon in a compressed format can help improve application performance. The aim of this project is to understand how effective compression can be on overall application performance. Some freedom in the choice of mini-application is available, but it is expected that both a theoretical analysis and practical implementation will be done.
References:
- Weißenberger and Schmidt, Massively Parallel Huffman Decoding on GPUs, https://github.com/weissenberger/gpuhd
- M. Simisker, A review of Asymmetric Numerical Systems, https://courses.cs.ut.ee/MTAT.07.022/2017_fall/uploads/Main/mart-report-f17.pdf , https://github.com/Martsim/crypto_seminar_2017_fall
- Lloyd, Barton, Tiotto and Amaral, Run-Length Base-Delta Encoding for High-Speed Compression, https://dx.doi.org/10.1145/3229710.3229715
- Pekhimenko, Seshadri, Mutlu, Gibbons, Kozuch, and Mowry, Base-Delta-Immediate Compression: Practical Data Compression for On-Chip Caches, https://dx.doi.org/10.1145/2370816.2370870 https://github.com/CMU-SAFARI/BDICompression
BSc, MSc or PhD level
Supervised by Janno Siim
- Zcash: Decentralized Anonymous Payments from Bitcoin
Introduction: Bitcoin is the fi rst well-known cryptocurrency where all transactions are linked together by public ledger. However payments are conducted between pseudonyms, but it is shown that Bitcoin cannot offer strong confi dentialitly and privacy and it is possible to link all transaction of a target user and violate his/her privacy. To deal with such privacy concerns, several solutions have been proposed,h one of those solutions is Zcash. More precisely, Zcash uses zero-knowledge Succinct ARgument of Knowledges (zk-SNARKs) to provide much more anonymous transactions by hiding payment's origin, destination and the amount.
Task: The task is to read, understand the procedure of construing Zcash and present the article "Zcash: Decentralized Anonymous Payments from Bitcoin", IEEE Security and Privacy Symposium 2014, [BCGG+14].
http://zerocash-project.org/media/pdf/zerocash-oakland2014.pdf
MSc or PhD level
Assigned to Shahla Atapoor
Supervised by Vitaly Skachek
- Blockchain storage using erasure codes
The existing blockchains suffer from a problem of scaling. Thus, storing a copy of the whole chain in each node, as it is done in many existing solutions, is extremely wasteful with respect to the storage resources. To avoid this problem, it is proposed to store a reduced amount of data in a new low storage nodes by using erasure codes. In this approach, any block of the chain can be easily rebuild from a small number of such nodes. This system encourages low storage nodes to contribute to the storage of the blockchain and to maintain decentralization despite of a globally increasing size of the blockchain.
[1] D. Perard, J. Lacan, Y. Bachy and J. Detchart, "Erasure code-based low storage blockchain node", https://arxiv.org/abs/1805.00860
BSc, MSc or PhD level
Assigned to Hamidreza Khoshakhlagh
- Comparison of Blockchain Consensus Algorithms
The most widely used blockchain consensus algorithms are the Proof of Work (PoW) algorithm and the Proof of Stake (PoS) algorithm; however, there are also other consensus algorithms which utilize alternative implementations of PoW and PoS, as well as other hybrid implementations and some altogether new consensus strategies. In this project, the student will perform a comparative analysis of typical consensus algorithms and some of their contemporaries that are currently in use in modern blockchains.
References:
[1] L.M.Bach, B. Mihaljevic, and M. Zagar, "Comparative Analysis of Blockchain Consensus Algorithms,"
MIPRO 2018, https://ieeexplore.ieee.org/document/8400278/
[2] T. Jenks, "Pros and Cons of Different Blockchain Consensus Protocols,"
https://www.verypossible.com/blog/pros-and-cons-of-different-blockchain-consensus-protocols
and other references.
BSc, MSc or PhD level
Assigned to Behzad Abdolmaleki
- Security of authentication protocols in 5G
For the next-generation of mobile communications (5G), the 3GPP workgroup has standardized the 5G AKA protocol. In this project, the student will study a protocol 5G AKA, and will discuss its strengthes and weaknesses in her/his report.
[1] D. Basin, J. Dreier, L. Hirschi, S. Radomirović, R. Sasse, and V. Stettler, "A Formal Analysis of 5G Authentication," https://arxiv.org/abs/1806.10360
[2] M. Dehnel-Wild and C. Cremers, "Security vulnerability in 5G-AKA draft," https://www.cs.ox.ac.uk/5G-analysis/5G-AKA-draft-vulnerability.pdf
BSc or MSc level
- Private Information Retrieval From a Cellular Network With Caching
Consider a scenario where a client wants to download content from a cellular network while achieving privacy. In particular, consider private information retrieval (PIR) of content from a library of files, i.e., the user wishes to download a file and does not want the network to learn any information about which file she is interested in. To reduce the backhaul usage, content is cached at the wireless edge in a number of small-cell base stations (SBSs) using maximum distance separable codes. A special PIR scheme is proposed for this scenario that achieves privacy against a number of spy SBSs that (possibly) collaborate.
Reference:
[1] S. Kumar, A. Graell i Amat, E. Rosnes, L. Senigagliesi, "Private Information Retrieval From a Cellular Network With Caching at the Edge", https://arxiv.org/pdf/1809.00872.pdf .
MSc or PhD level
Assigned to Raul-Martin Rebane
Supervised by Ahto Truu (Guardtime)
- Sparse Merkle Trees
Sparse Merkle trees (SMT) can prove both inclusion and omission, as opposed to regular Merkle trees which offer only proofs of inclusion. There are other variants like prefix trees, tries, and Patricia trees, to name a few. The goal of this research project is to compare SMTs to the other variants on their performance and suitability for different usage patterns, and also to identify and evaluate publicly available optimized implementations in Go and Java languages.
BSc and MSc level, suitable for students with software development inclinations
Supervised by Dominique Unruh
- KEMs and DEMs - building public key encryption schemes
When building public key encryption schemes, it is often best to use a hybrid approach: first encrypt a one-time key with a (slow) public key encryption scheme, and then encrypt the actual data with a (fast) symmetric encryption scheme. However, using full fledged encryption schemes for those building blocks is overkill, it turns out one can use weaker ones and get full security in the end, anyway. https://eprint.iacr.org/2006/265 systematizes the various ingredients and conditions needed for building secure encryption schemes.
Required background: Crypto I
Assigned to Mart Simisker
- Building post-quantum secure encryption schemes
Building post-quantum secure encryption schemes is challenging, many of the techniques in classical cryptography will not work any more. https://link.springer.com/chapter/10.1007/978-3-319-70500-2_12 discusses one such construction (building upon work by Targhi and Unruh) in a modular way.
Required background: Crypto I, possibly Quantum Crypto (can be heard in parallel)
Assigned to Reelika Tõnisson
- NIST quantum competition - the candidates
Give an overview over the submissions to the NIST competition for post-quantum secure cryptosystems. This competition is going to select future standards for cryptosystems that are supposed to withstand quantum attacks. (This is to a large part consolidation of different articles etc.)
Required background: Crypto I
Assigned to Helen Tera